Role Setup

Welcome to Role Setup

User role rights define the actions and features that individuals can access within the Mobiloan system. To enforce this, each user is linked to a role for which you will define a predefined set of permissions - also known as Role Rights. These role rights dictate which menus, features, and functionalities the user can utilize within Mobiloan.

To accommodate the various responsibilities, Mobiloan has established "suggested role rights" for different roles, ensuring a structured and secure workflow.

Role

Primary Access

Permissions

Junior and Senior Originators

Origination Menu, Tools Menu, Maintenance Menu

Creating loan applications - Processing loan payouts - Conducting evaluations - Monitoring active loans - Generating loan quotations
Tools Menu – Access to various application tools and features - Limited Maintenance Rights (View-Only) – Restricted access to certain maintenance-related functions

Branch Managers / Operations Managers

Most rights, excluding Setup Rights

Collection Menu – Managing overdue collection tickets -
Transaction Menu – Creating loan transactions, performing day-end reconciliations —
Maintenance Menu – Editing and viewing client and loan details, maintaining operational data (e.g., employer and supplier records, service areas) - User & Device Management – Adding new users and registering devices -
Tools Menu – Access to app tools and utilities -
Reporting Menu – Viewing both standard and advanced reports

Super Users

All rights, including Setup Menu

Full control over system configuration and administrative settings - Assigning and modifying role-based permissions - Managing all operational, transaction, and reporting functions

Key Role-Based Configurations in this section include:

Assigning specific Origination, Evaluation, Collection, Transaction, Reporting, Tools, Maintenance, and Setup Rights based on each role’s responsibilities.
Restricting access to sensitive functions to ensure compliance and prevent unauthorized modifications.
Providing role-specific access to reporting tools, enabling users to generate insights relevant to their job functions.

Getting Started

To begin, either select an existing role from the table or click the "+" icon to create a new role.

Step 1 - Grant Origination Rights

Origination rights control user access to the loan origination process.

Ticked rights allow the user to perform specific origination functions.
Unticked rights restrict access to those functionalities.

Origination Right

Description

Issue stand-alone loan quotation

Allows users to generate loan quotations without initiating the full loan application process.

Create loan when face-to-face with client

Enables users to create loans directly within the system during in-person client meetings.

Create loan from online application

Grants users the ability to process loan applications submitted online by clients.

Create loan for future payout date

Allows users to create loans with a scheduled payout date at a future time.

Evaluate and approve or decline loan

Empowers users to assess loan applications, make approval/decline decisions, and potentially adjust loan parameters.

Process repayment and payout of loan

Grants users the right to proceed with the Payout Workflow.

Change preset payout method on payout

Allows users to modify the predetermined payout method on a loan during the disbursement process (if applicable).

Reattempt unconfirmed electronic loan payout

Enables users to retry failed electronic loan payouts.

Reverse paid out loan during cooling-off period

Grants users the ability to reverse a loan payout if it occurs within the client's cooling-off period (as defined by regulations).

Bulk cancel incomplete expired loans

Allows users to cancel a group of incomplete loan applications that have exceeded the expiration time limit.

Step 2 - Grant Evaluation Rights

Evaluation rights function as a critical checkpoint in the loan approval process, ensuring that only authorized users can issue a payout on specific loan conditions.

Each loan may come with unique conditions, warnings, or approval criteria that must be evaluated before proceeding. These conditions are directly linked to specific evaluation rights assigned to user roles.

If a user's role does not have a required evaluation right, they will not be able to process loans that trigger those conditions. Instead, the loan must be reassigned to another user who possesses the missing evaluation right.

Conversely, when an evaluation right is enabled (ticked) for a user’s role, that user is authorized to review and approve loans meeting those conditions without requiring intervention from another user.

Let's explore the various evaluation rights below:

General Evaluation Privileges

General Evaluation privileges define a user's authority to approve and process loans without escalation, even when system warnings are triggered.

Loan Types Authorized for Approval

Specifies which loan types a user can approve and process for payout independently.

General Warnings Handling

Determines if a user can approve loans flagged with general system warnings during origination.

Credit Enquiry Warnings

Allows users to approve loans despite warnings from the credit check, such as low credit scores or outstanding debts.

Active Loan Warnings

Grants authority to approve new loans even when the client has existing active loans.

Previous Loan Warnings

Enables approval despite past issues like late payments, defaults, or financial discrepancies.

Bank AVS-R Warnings

Permits loan approval despite bank verification warnings, such as mismatched or restricted accounts.

Client Due Diligence (CDD) Evaluation Rights

This right grants users the ability to process loan payouts that require management signoff. Since management approval indicates a high-risk client, this privilege should be assigned only to management-level users.

Relational Evaluation Privileges

Admins can control relational evaluation privileges by configuring the following limits:

Branch Access: Defining which branches a user can evaluate.
Category Access: Specifying loan categories the user can evaluate.
Loan Product Access: Assigning products the user can evaluate.

Specific Evaluation Limitations

Authorized Loan Amount and Term: Define the maximum loan amount and period a user can approve.
Dual Evaluation Requirement: Enforce a secondary review for loan approvals if enabled.

Step 3 - Grant Collection Rights

These rights define the actions a user can take when handling collection tickets. A collection ticket is an actionable task that provides details on why a particular loan installment is overdue and enables users to perform specific actions to manage the outstanding payment.

Key Considerations for Senior Originators

Although all collection rights are most suitable for a branch manager role, for senior originators, it may be beneficial to grant selective collection management rights, such as:

Assigning Tickets to a Collector – Allows users to delegate overdue loan cases to specific collectors for follow-up.
Recording Collection Notes – Enables users to document interactions and payment commitments from the client.
Suspending a Collection Ticket – Permits the temporary suspension of a collection ticket, which may allow the client to receive a new loan despite having an unresolved collection case.

The available rights are illustrated in the screenshot below.

Step 4 - Grant Transaction Rights

Each option in this section determines access to the corresponding modules within the Transaction menu. When an option is enabled, users in the selected role will have access to that specific functionality.

Client Ledger Transactions: Grants users the ability to view and access the client ledger.
Purchase and Sale Transactions: Enables users to create purchase and sale transactions.
Search and Edit Transactions: Provides users access to the transaction search feature along with the ability to edit transactions.
Reconcile Transactions: Allows users to perform day-end reconciliation tasks.

Transaction type rights

You can manage the types of transactions a user is allowed to create or authorize (refer to the screenshot below). This means the user can only create transactions using the methods enabled in these settings.

For instance, if the POS option is not selected and a user in this role tries to create a POS transaction in the app, Mobiloan will prevent the transaction and display an appropriate message on the screen.

Allps Point-of-sale

The ALLPS Point-of-Sale section allows you to configure user permissions related to POS transactions. You can enable or disable the following options:

POS Debit Client: Grants the ability to process debit transactions for clients using the POS system.
POS Credit Client: Enables users to perform credit transactions for clients via the POS system.
Cancel POS Transaction: Allows users to cancel transactions conducted through the POS system.

To customize permissions, simply check the boxes for the actions you want the user to perform. Leave them unchecked to restrict access to those features.

Allps Debit Order Rights

The following rights provide detailed control over what users can do concerning the creation and management of an ALPS promissory mandate.

Right

Description

Suspend or Activate Promissory

The ability to temporarily pause or restart a series of scheduled debit orders.

Cancel Any Promissory

The ability to permanently stop a series of scheduled debit orders.

Split Initial Promissory

The ability to divide an initial debit order amount into multiple installments.

Edit Promissory Repayment Type

The ability to change the way a series of debit orders are repaid.

Edit Promissory Bank Account

The ability to change the bank account from which a series of debit orders are drawn.

Edit Promissory First Debit Date

The ability to change the start date for a series of debit orders.

Edit Promissory Periods

The ability to change the frequency of debit orders in a series (e.g., monthly to weekly).

Edit Promissory Installment Frequency

The ability to change how often installments are paid within a series of debit orders.

Edit Promissory Collection Day Rule

The ability to define the specific day of the month when debit orders in a series are collected.

Edit Promissory Date Adjustment Rule

The ability to define how the due date is adjusted for weekends or holidays (specific functionality may vary).

Edit Installment Date

The ability to change the due date of a specific debit order within a series.

Edit Installment Amount

The ability to change the amount of a specific debit order within a series.

Edit Tracking Days

The ability to define a buffer period between the notification of a debit order and its collection (specific functionality may vary).

Suspend Installment

The ability to temporarily pause a specific debit order within a series.

Add New Installment

The ability to add an additional installment to a series of debit orders.

Create an RMS Transaction

The ability to register a mandate for failed authentications.

External Debit order rights

If Debit Order is an authorized transaction type, the ability to create manual transactions using debit orders can be restricted based on the following options. These restrictions are governed by the corresponding access rights:

SureSystems TMCT: Grants permission to process debit orders using the SureSystems TMCT platform.
SureSystems MCT: Enables the processing of debit orders via the SureSystems MCT platform.
SureSystems SureDebit: Allows users to manage debit orders through the SureSystems SureDebit platform.
Amplifin External Debit: Provides access to handle external debit orders via the Amplifin platform.

Advanced Ledger Rights

These permissions allow you to manage the actions users can perform when assessing and updating a client's balance. These actions involve processes such as settling a client's account, posting manual receipts, balancing the ledger, and reconciling daily transactions. To restrict access, leave the corresponding options unchecked.

Permission

Description

Delete Unreconciled Transactions

Grants the ability to delete transactions that have not been reconciled.

Cash Settlement Rounding

Allows users to adjust settlement amounts by rounding cash values.

Early Settlement Discount

Enables applying discounts for early settlements.

Late Settlement Add Cost

Allows adding additional costs for late settlements.

Balance Adjustment Journal

Provides access to adjust balances using journal entries.

Receipt During Cooling Off Period

Permits the posting of receipts during the designated cooling-off period.

Create or Edit Unlinked Transactions

Grants the ability to create or modify transactions that are not linked to any specific account.

Receipt More Than What Is Due

Allows users to receipt amounts exceeding the outstanding balance.

Refund More Than Over-Receipted

Enables refunds greater than the over-receipted amount.

Refund via Amplifin Wallet

Grants permission to issue refunds through the Amplifin Wallet system.

Refund via Amplifin EFT

Allows processing refunds via Amplifin Electronic Funds Transfer.

Allow Custom Transaction Date

Permits users to set custom transaction dates during updates.

You can customize these settings by ticking or unticking the relevant options based on the permissions you want users to have.

Step 5 - Grant Reporting Rights

Customize user access to reporting features by selecting the appropriate permissions below. If no options are selected, the user will have no access to the reporting menu.

1. Branch Access

Restricts report visibility to data relevant to the user’s assigned branch.
Users can only access reports with a Branch Scope, ensuring they view branch-specific insights.

2. Company Access

Grants access to all standard company-wide reports, providing a comprehensive view of business performance.
Includes key metrics such as Status Totals, Summaries, and other company-level insights.

3. Custom Access

Allows users to create and generate custom reports tailored to their specific needs.
Enables advanced data analysis and flexibility in reporting to support individual workflows.

4. Advanced Access (Management/Super Users Only)

Unlocks the Advanced Reporting Submenu, providing access to specialized management reports.
Reserved for management and super users who require deeper insights for strategic decision-making.
Includes reports such as:
- Insurance Reports
- Form 39 Reports
- VAT Reports
- Profit & Loss Statements
- Other advanced financial and operational reports.

Step 6 - Grant Tools Rights

Customize user access to tools functionality by selecting the appropriate permissions below. If no options are selected, the user will have no access to the tools menu.

You can set which menu options the user has access to in the Tools menu by ticking the following options which correspond to each menu item in the Tools Menu:

Right

Description

Bulk Client Onhold

Allows access to the "Bulk Hold" option which allows users to change the hold status of client's in bulk

Payroll Remittance

Allows access to the payroll module which enables users to generate and send out payroll remittances / bulk receipt payroll loans.

Reports and Data Exports

Enables access to the data export module - which allows for bulk data to be exported.

Independent credit checks

Allows for credit enquiry outside of the loan origination process.

View Audit Logs

Enables access to the audit log feature - which enables am audit search on any of Mobiloan's data models.

Payout agent commission

Enables user to payout pending commission

Payout broker commission

Enables user to payout pending broker commission

View agent and broker commission only

Enables user to view agent and broker commission only, but not payout.

Messaging Rights

You can authorize the messaging rights that a user has by ticking from the messaging rights shown below.

The table below explain some of the less obvious rights

Right

Description

Send Notification

This refers to in app notifications across another user's device

Create SMS template

This right allows users to create Templated SMS's which include place holder data from the database. This can used to include any detail within a message, for example the client's outstanding balance etc.

Send Broadcast

A broadcast is a message/ notification that is sent to different users and will repeat on a given date range.

Fileshare rights

Customize user access to the Fileshare feature by selecting the appropriate permissions. If no options are selected, the Fileshare feature will not appear in the Tools menu.

This functionality allows users to upload attachments and generate shareable links, referred to as Fileshare objects.

Rights include :

Right

Description

Read Only Access

Allow users to view but not edit fileshare objects

Version History Access

Allow users to access the version history of a file share object

Download Fileshare

Allow users to download the fileshare object

Add Fileshare

Allow users to create fileshare objects

Delete Fileshare

Allow users to delete fileshare objects

The remaining voice call and messaging rights, which have not been explicitly documented, are largely self-explanatory and can be reviewed in the screenshot below.

Step 7 - Grant Maintenance Rights

This permission set includes both View and Edit rights, allowing for granular control over user access to system data and functionalities.

View-Only Access:
- Enabling only View rights ensures that users can access and review information within the system without making any modifications.
- Users with View-only access can query data, inspect records, and generate reports, but they cannot create, delete, or update any existing objects.
Edit Access:
- Granting Edit rights allows users to modify, update, or delete existing records, as well as create new entries where applicable.

By carefully assigning View and Edit permissions, organizations can maintain data integrity while ensuring that users only have the level of access necessary for their roles.

Edit Right

Description

Agent

Allows the user to view, edit and create Agents

Area

Allows the user to view, edit and create new areas using the Google Map

Client

Allows the user to load and view clients as well as information in the Client Menu

Loan

Allows the user to load and view loans as well as information in the Loan Menu

Device

Allows the user to view, edit and create new devices

User

Allows the user to view, edit and Create New Users in Mobiloan

Supplier

Allows the user to view, edit and create new suppliers which are used in administrative expense capturing

Employer Rights

Option

Description

Limit employer to single branch

Restricts an employer to operating from a specific branch

Blacklist employer

Prevents an employer from being used for new loan applications

Assign employer to online app

Designates an employer as eligible for online loan applications

Assign employer discount on loan product

Applies a specific discount to loans for this employer

Assign payroll employer

Indicates that the employer is a payroll client

Lock employer defaults

Prevents changes to the employer's information

Client Hold Rights

The remaining Client Hold Rights, which have not been explicitly detailed, are primarily self-explanatory. These rights determine the specific hold statuses that can be assigned to a client, allowing users to manually place a client on hold for a specified reason.

Client holds are typically used in situations where a client’s account requires temporary restrictions due to compliance, overdue payments, account reviews, or other governing factors. The available hold status options and their functionalities can be reviewed in the screenshot below.

Roles Authorized for New User Assignment

This selection menu determines the specific roles that a user is permitted to assign when creating new user accounts.

It defines which user roles this particular user can create, ensuring they are restricted to assigning only the pre-approved roles within the system.
When this role initiates the creation of a new user, their ability to assign roles will be limited to the options configured in this setting.

This feature helps maintain structured role management and prevents unauthorized role assignments.

Step 8 - Grant Setup Rights

This step allows you to define which options within the Setup Menu a user with this role can access.

By default, full Setup Menu access is typically reserved for Super Users, as it grants control over critical system configurations.

However, in certain exceptional cases, a Branch Manager or other designated roles may require access to specific setup features, such as:

Document Setup – Managing document templates and configurations.

To assign access, simply tick the checkboxes corresponding to the setup options you wish to grant. For a detailed explanation of each option, please refer to the Overview section

The screenshot below depicts all available setup rights.

Step 9 - Assign Users to the Configured Role

In this final step, select the users who should be assigned to the newly configured role. Additionally, you have the option to:

Restrict Access Times – Define specific time periods during which users can log in and access the system.
Enhance Login Security – Apply additional security measures, such as multi-factor authentication or IP-based restrictions.

Ensure that all assigned users align with the intended permissions and security settings before finalizing the setup.

Two Factor Authentication (2FA)

Mobiloan safeguards your account with two-factor authentication (2FA) when logging in from a new device. This adds an extra layer of security beyond just a password.

Upon logging in from a new device, Mobiloan will prompt you to register it as authorized.
Verification is done through a one-time passcode (OTP) sent to your phone or registered email.

This 2FA system prevents unauthorized users from accessing your account even if they have your password.

SurePhrase Authentication

SurePhrase Passkey – Enhanced Security for Your Account

The SurePhrase Passkey is a security feature designed to add an additional layer of protection to your user account. It helps safeguard against unauthorized access by requiring users to input randomized portions of their passkey during login.

How It Works:

Unique Passkey Setup
- During operator enrollment, you will be required to create and securely save a unique 8-character passkey.
- This passkey will serve as an additional authentication factor beyond your regular login credentials.
Dynamic Randomized Prompts 🔒
- Each time you log in, the system will present a randomized prompt, asking for specific characters from your SurePhrase Passkey.
- These requested characters will change with every login attempt, ensuring that the entire passkey is never entered at once.
- This method significantly increases security by making it much more difficult for an unauthorized person to guess or intercept your full passkey.

By implementing the SurePhrase Passkey, you strengthen your account’s security, reducing the risk of credential theft or unauthorized access.

The Role setup is now complete. Please ensure that all required fields are filled in. You can now verify that the new Role object has been successfully created.